ADVANCED Anti Keylogger

Discussion in 'other software & services' started by spy1, Jun 21, 2003.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    http://www.anti-keylogger.net/advanced_anti_keylogger.html

    Online Help pages: http://www.anti-keylogger.net/advanced_anti_keylogger_help/index.html

    FAQ's page: http://www.anti-keylogger.net/advanced_anti_keylogger_faq.html

    I like the approach (no database updates) and the concept (rules-based blocking).

    The more I look at it, the more intersting it gets - the "Custom Security Mode" apparently runs resident if selected, giving you pop-up warnings if something's attempting to keylog anything real-time.

    Has anyone tried this one yet? Pete
     
  2. controler

    controler Guest

    For a second there, I thought I had this but mine is from Anti-Keyloggers.com

    They would give you a free lifetime LIC if you could send them a Key Logger they didn't detect yet Spy1 :D

    Have you taken it for a test drive yet?

    con
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    <g> Not yet. Weekends are bad for me because I'm even more time-pressed than usual.

    It's hard for me to submit any keyloggers to anyone since I don't have any on my computer. The one time I tried submitting a bleeding-new one that I'd just read about to the people you're referring to, I never heard back from them. Pete
     
  4. controler

    controler Guest

    Spy1

    That is unusual but here is how I did it. I wrote them firt and said,
    Hey? If I have a key logger you don't detect yet, will you send me a free LIC. They wrote back and said sure we will. I kept the e-mail for reference.
    One thing I noticed about Anti-Keylogger is it monitors your registry for startup changes.

    As a side note: I mentioned a few time allready about Antivirus e-mail detection. I know NOD and KAV monitor incomming and outgoing e-mail
    But unless I have found found the setting yet, They do not warn when an e-mail is being sent via your default e-mail client.
    From my testing of Good Stealth Keyloggers, In my case I found, even if you don't have your e-mail client open ( Outlook Express)
    They keylogger will transmit your data via your e-mail client via a hook and you don't even see it unless you are running Norton and have it's splash screen checked to kick on when mail is sent. Unless the Keyloggers have even found a way around this, Norton will KIck i's splash screen when the Keylogger attempts to mail your info.
    Your firewall does not catch it because you have allready giving permission for Outlook express to go out :(
    The best Keyloggers give an option to add two startup locations to your registry. One is a default spot and the other is a spot of your choice.

    con
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    To get back to the subject-at-hand:

    Okay, installed it (there's not much happening anywhere, anyway).

    Not too thrilled with the fact that it (upon re-start after installation) sent me a nice little message through IE congratulating me on installing it (chalk up one for the "phones-home" category).

    Shows as a running process (aaksrv.exe) in WTM.

    Guess I'll just let 'er run and see what happens! :eek: Pete
     
  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    At least it's working. Picked up PGP and NVIDIA's Desktop and Windows Manager.
     

    Attached Files:

  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Oh my. :D

    *Not sure what that was indicating - when I checked Trillian I did find that (for some reason) I had logs kept in both AIM and ICQ - thought I had that turned off, but who knows?

    Anyway, deleted all of them and turned logging off in both programs. I'll check back later and make sure it stays off.

    **I also changed Trill's status to "Always Prohibited" - so if you never see me on Trillian again, let me know! (I'm on right now).
     

    Attached Files:

  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Warns on attempts to copy/paste (left that one alone, I kinda like it).

    Warned on attempt to open new window (let that one slide).
     
  9. StAnger

    StAnger Registered Member

    Joined:
    Jun 8, 2003
    Posts:
    84
    No offense, but haven´t you got that the wrong way around? Probably just me missing the point, that´s basically why I am asking.
     
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Not sure what you mean - I'm basically talking to myself here, while at the same time letting people know what kind of behavior they can expect from the program if they try it.

    I'm letting it warn me on c&p because other avenues of c&p can occur.

    I'm letting opening a new window slide because it's too much of a PITA to okay all the time.

    Now that you mention that, though, now that I've okayed it, it doesn't show up in the main screen anymore - you have to go to the rules screen to see it.

    *And okaying that one also took away the warning for the c&p. Hmm.
     

    Attached Files:

  11. controler

    controler Guest

    Spy1

    Icf you need a keylogger to try it on I can furnish one.
    I have a few of the setup programs. actualy have a few the developers sent me free since I supplied them with some instances they didn't work in OE using special charcters before and after the sent mail.
     
  12. mr.mark

    mr.mark Guest

    hi pete

    what, if anything, do you make of the fact that Spydex also is the author of EmailSpy?

    http://www.emailspy.net/emailspy.html
     
  13. mr.mark

    mr.mark Guest

    also, fwiw, did you know that Magnus added detection for EmailSpyPro

    TrojanHunter Ruleset update: 35x-2003-06-04

    35x-2003-06-04
    ==============
    - Added Delsha.100
    - Added BeastDoor.209
    - Added HttpRat.017
    - Added Lerk.100
    - Added EmailSpyPro.431

    :)
     
  14. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    mr.mark - Not too worried about it, actually (<g>) - I get less (and more boring) email than anyone else I know.

    The whole Advanced Anti Keylogger folder is only 537KB (the .exe's only 352KB of that) - not a lot of elbow room for anything "extra" there.

    SpyCop, TDS-3, NOD32, GAV, SBS&D, Port Explorer - none of them are showing anything out-of-the-way or hinky regarding AAKL (all have been used to scan it specifically and I have PE spying on it).

    If I find anything, I'll let you know - if I'm missing anything, you let me know. Pete
     
  15. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    The only thing I really don't like about the program, per se, so far, is that it doesn't have an option not to start it up with windows - it should have that option easily accessible in the main program interface.

    Not only that, but closing the program by use of the SYSTRAY icon does not stop the exe from running - irritating at best, suspicious behavior at worst).

    Killing aak.exe via WTM or C/A/D results in an error if you try to re-start the program before doing a system re-start. Pete
     
  16. mr.mark

    mr.mark Guest

    hi pete

    fwiw, a thread started here on dslreports security forum on this anti-keylogger program....

    some people seem to find it all just too cozy (same company playing both ends of the field). others seem to think it's quite natural.

    my personal gut feeling is to stay away from the anti-keylogger, though you make perfect sense in pointing at the various security tools you have "watching" it.

    best regards,

    :)

    mark
     
  17. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Emailed them some of my questions and got this back:

    "Hello Pete,

    Sunday, June 22, 2003, 5:36:58 PM, you wrote:
    PY> (a) Why does the program installation result in your having an IE page
    PY> opened with a successful install message? What information is collected and
    PY> sent by the program at that time?

    PY> (b)What's the story with all the "HitBox" cookies that you get during
    PY> d/l and installation?

    AAKL nothing collects and sends. Simply "IE successful install
    message" and "HitBox" statistics are exact way to count up real
    quantity of program installations. By the way "IE successful install
    message" of next AAKL version will bring new customers to on-line
    product help and faq as well.

    PY> ( c ) Since you also make EmailSpy and EmailSpyPro, why should we trust
    PY> your product (AAKL)? Does AAKL detect ES and ESP?

    We have designed AAKL because we know the technology of keyloggers well
    and suppose that people in "both sides of barricade" have to have
    security tools. AAKL can't block EmailSpy and EmailSpyPro because they
    are not keyloggers.

    PY> (d) Why doesn't AAKL have an easily-available option within the program
    PY> interface NOT to run it at system start-up? There's no apparent reason for
    PY> it to RUN all the time - or if there is, could you explain it?

    Because keyloggers can start monitoring at any time not only at system
    startup.


    Truly yours

    Spydex Inc.

    Security Software Developer
    ---------------------------
    http://www.spydex.com
    http://www.emailspy.net
    http://www.email-spy.biz


    __________ NOD32 1.443 (20030620) Information __________

    This message was checked by NOD32 Antivirus System.
    http://www.nod32.com"

    Which is good as far as it goes, I guess. They didn't really address the problem regarding the program starting at start-up regardless of what you do to stop it, however (I understood that keylogging programs could start up at anytime, I was looking for some kind of reason why the program didn't simply have an option not to run it if that's what the user desired).

    aak.exe and aaksrv.exe run all the time. Right-clicking the SYSTRAY icon and selecting "Protection is disabled" doesn't kill either one and, of course, each has it's own ProcessID.

    In their favor, they're not sucking up many resources.

    Some of this concerns me, but basically the program is giving me real-time warnings on anything that can even be remotely construed as a key-logging attempt - which I like.

    I'm going to keep it going for awhile (watching it closely).

    I'd still like to be able to click just one button on the main user interface and have both .exe's shut down totally. Pete
     
  18. controler

    controler Guest

    fanj

    as you know I use Anti-Keylogger. This company also makes a Keylogger but you CAN dissable it from starting up via a button.
    When Anti-Keylogger starts up, it starts witha different named EXE each time. That way torjans can't detect a common name to dissable it like all the rest of the software makers do. The trojan trys to dissable your protection via the common EXE used and this EXE stays the same name each time it is loaded. What NOD does is runns two copies to try stop the trojan from dissabling it's scanner.
    Good luck with your new toy :D

    con
     
  19. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Funny how WIlders people's discussion keep giving me ideas for new security products... :cool:

    Keep it up! One day I may even turn them into reality!
     
  20. spyhelper

    spyhelper Guest

    Hey. guy!
    If you want you may try this advanced keylogger. It can the follow features:
    captures passwords and logins
    absolutely invisible keylogger
    keeps track of all Key Strokes
    records all Internet Activity
    keeps visual Screen statistics in Screenshots log
    watches everything opened, typed and saved
    monitors instant messaging software
    keeps tabs on all E-mail clients
    monitors text and graphics copied and cut to the clipboard
    sends reports secretly to your E-mail address
    reveals others secrets

    this keylogger run there better with XP

    You can download it from
    http://www.mykeylogger.com


    Adapted link. You can not use HTML code on this board.
     
  21. mr.mark

    mr.mark Guest

    hey pete

    some not-so-happy campers on the dslreports forum. they're not liking ADVANCED Anti-keylogger™ too much...

    and neither are the folks at Raytown Corporation, who have posted this notification on their site:

    Attention!
    A software product ADVANCED Anti-keylogger™ has entered the IT market. Note that this product has nothing in common with Raytown Corporation. It is a pirate product intended to undermine the name of our trade mark Anti-keylogger™. When installed on your computer ADVANCED Anti-keylogger can cause serious problems - the system hanging-up, blue screens (BSoD) etc. Raytown Corporation is not liable for possible problems caused by this product!


    hth :) mark
     
  22. mr.mark

    mr.mark Guest

    hi con

    i just installed Anti-keylogger tonight. i ran the scan with heuristics set at default (medium) the first time, then cranked it to high setting and rescanned.

    happy to report no keystroke programs currently running on my system. running that initial scan reminded me of the first time i scanned my machines with an AT, holding my breath, not knowing if i had any trojan servers on my hard drive.

    anyway, so far so good with the free evaluation copy of Anti-keylogger. but i have a couple of questions.

    this one i should know, but i don't... does Anti-keylogger run resident, i.e, will it snag a keylogger if it begins executing, or is scanning the only means of detection?

    the other question concerns your comment, "This company also makes a Keylogger but you CAN dissable it from starting up via a button". you were *not* referring to Anti-keylogger, am i right? other than removing it from the start menu, there is no button to turn Anti-keylogger on and off, is there?

    any other insights into the program you'd care to share, i'll be glad to listen. i'm going to have to determine within 15 days if i want to purchase a license.

    regards

    :)

    mark
     
  23. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hello, Mr Mark!

    Yes, I read all the un-happy comments about the program going "pay" and disabling itself. I don't care about that, since it was noted on the website itself that the original version was going to terminate itself when testing was completed (they really should have put that into the "readme" file, though - or at least made the fact stand out a little more on the website. The current website page says nothing about the previous version's actions). I don't have any problem with the way they did it - it's their program.

    I simply un-installed what was left of the 3.0 version (it was still in Add/Remove Programs) and cleaned the remnants out of the registry - I don't have any spare change to spend on purchasing the program.

    As regards Raytown - all I can say about their claims is that I experienced no such problems on my XP Pro machine while I was testing the original version of the AAK program - actually, it worked pretty damned well.

    Good luck with AKL! Pete
     
  24. mr.mark

    mr.mark Guest

    hey pete

    that is very good news indeed. and i was also interested in your take on the dslreports forum "disgruntlement"... what you say makes sense to me.

    so far so good with Anti-keylogger. don't know if i'll pay up when the time comes. i have an email in to their tech support... if i get no response, i generally take that as a fair indicator of how the company will treat any issues after i buy their product. this isn't always an accurate yardstick (vendors sometimes prioritize support requests and the evaluation people get back burner), but it's at least good enough to sway me if i am otherwise undecided.

    thanks for the feed back!

    best regards

    :)

    mark
     
  25. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    You're quite welcome.

    I'll be sticking with SpyCop (sure wish they had resident protection like AAKL did, though. Even though the SC screensaver checks your computer every single time it sits still long enough for the screensaver to kick in, it's still not the same). Pete
     
Loading...
Thread Status:
Not open for further replies.